[ALSA-2023:2736] Important: kernel-rt security and bug fix update
Release date:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564) * net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461) * hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch (CVE-2021-26341) * malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655) * when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds (CVE-2021-33656) * possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462) * use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679) * KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789) * KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196) * netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663) * race condition in xfrm_probe_algs can lead to OOB read/write (CVE-2022-3028) * media: em28xx: initialize refcount before kref_get (CVE-2022-3239) * race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522) * memory leak in ipv6_renew_options() (CVE-2022-3524) * data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566) * data races around sk->sk_prot (CVE-2022-3567) * memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619) * denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623) * use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625) * USB-accessible buffer overflow in brcmfmac (CVE-2022-3628) * Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707) * l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference (CVE-2022-4129) * igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141) * Executable Space Protection Bypass (CVE-2022-25265) * Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) * unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188) * TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning (CVE-2022-39189) * Report vmalloc UAF in dvb-core/dmxdev (CVE-2022-41218) * u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674) * use-after-free related to leaf anon_vma double reuse (CVE-2022-42703) * use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720) * BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721) * Denial of service in beacon protection for P2P-device (CVE-2022-42722) * memory corruption in usbmon driver (CVE-2022-43750) * NULL pointer dereference in traffic control subsystem (CVE-2022-47929) * NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394) * use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195) * Soft lockup occurred during __page_mapcount (CVE-2023-1582) * slab-out-of-bounds read vulnerabilities in cbq_classify (CVE-2023-23454) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
x86_64 kernel-rt-debug-core-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm 0531ad05c460ae286cc7eab81f4b8879d000e6a3a77f0101009f124a038f4745
x86_64 kernel-rt-debug-modules-extra-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm 10e3049380916b8d7acf12e2a6e90c48b00e1412d82f4332aec76b8cc15ec3e5
x86_64 kernel-rt-core-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm 24865d069f3c541c58bf05cc4cd5620808a1f60112765f8ce10abbcf75537367
x86_64 kernel-rt-debug-devel-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm 3907f2936f5ce4e4f6a4b210559134f2ab58de45019c657b9fd8f77549395b72
x86_64 kernel-rt-debug-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm 555dc78b09648b384f172a7493ae6f2274fdfb61b8fa3c0ab284ac630edb8c8d
x86_64 kernel-rt-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm 6ba1122bfaa1bef8800ae8f8883b9d75a6e71e85792a2208bc5e7b70be4e406d
x86_64 kernel-rt-debug-kvm-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm 6e716ec3fe2e9d4e896bba13619567e87f21ce10f8dcb2888bd515e9ea71bbd6
x86_64 kernel-rt-devel-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm 9fb8a5bc6c754f35afb7d8d42b31ac8a22436809e126639775cac32f1641028d
x86_64 kernel-rt-kvm-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm ac9dca0048b5178f4b83b33610359676d0e9e6a02e57b313b63d67a5e0ce32b8
x86_64 kernel-rt-debug-modules-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm d00d97f0089d0b1f89a575cb4b4fb291c3b2d4cf3548652608069bee6a085b57
x86_64 kernel-rt-modules-extra-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm dbb2cb736485326d465a2ff5f077593f1b88979a9a0fa34d9378131c27d3868e
x86_64 kernel-rt-modules-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm ddc5206828fd3f9a71359259951be188bbb5e6bd480f213f21ffebf8ab80efd4
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.